SonicWall cloud backup hack was the work of a state actor
Incident responders from Mandiant have wrapped up their investigation into the SonicWall cloud backup service hack, and the verdict is in: the culprit is a state-sponsored threat actor (though the specific nation wasn’t disclosed).
“[The incident] was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call. The incident is unrelated to ongoing global Akira ransomware attacks on firewalls and other edge devices,” SonicWall said on Tuesday.
According to the company, the breach did not impact SonicWall products, firmware, or other internal systems, tools, source code, or customer networks.
How did the attackers get access?
SonicWall detected suspicious activity – specifically, the downloading of backup firewall configuration files – in early September 2025. On September 17, the company disclosed that attackers had brute-forced their way into its cloud backup service.
Initially, SonicWall believed that only a small percentage of firewall customers were affected. However, several weeks later it confirmed that all backup files had been compromised.
Credentials and secrets contained in these files were (and likely remain) encrypted, but SonicWall warned that the non-encrypted information “could make it easier for attackers to potentially exploit the related firewall.”
The company urged affected customers to disable or restrict access to HTTP/HTTPS and SSH management over the WAN; SSL VPN, IPSEC VPN, and SNMP; and inbound WAN access to internal services allowed via NAT/Access Rules. It also advised users to reset passwords, re-enroll TOTP for all users, replace keys, reset API tokens, generate new IAM access keys and update them in SonicWall settings, and more.
SonicWall did not disclose when the brute-force activity began or how long it took the company to notice it.